POSITION DESCRIPTION


UNCLASSIFIED

IT Security Certification Assessor
POSITION DESCRIPTION

Unit, Directorate: IT & Physical Security, Protective Security
Location: Wellington
Salary range: H $77,711 - $116,567

Purpose of position:
The purpose of this position is to assess systems against government standards to ensure compliance and operability. This position will also be seen as the certification subject matter expert, offering advice and guidance to a range of individuals and teams.

Our mission at the NZSIS is to keep New Zealand and New Zealanders safe and secure. Our values are Collaborative, Courageous, Positive, Driven and Self-aware.

Protective Security purpose:
The Protective Security (PS) Directorate delivers a full range of protective security functions to the New Zealand Intelligence Community (NZIC) and for New Zealand. Our focus is also on leveraging the strong foundations that we have established to enhance our recognition as a NZIC protective security exemplar and to assist key New Zealand institutions to mitigate their insider threat risks through effective security clearance management, vetting services and counter intelligence functions. The PS Directorate also leads the implementation of the Protective Security Requirements (PSR) programme, which aims to substantially improve the security culture of the public service and, potentially, the private sector.

Key accountabilities and Deliverables/Outcomes

Assess IT systems for certification
Key accountabilities:
- Assess compliance of systems for system security
- Assess test plans and test results for system security
- Complete inspection and audit of systems
- Produce a final report comprising findings of the assessment and recommendations to the Certification Authority
- Maintain records on the management and status of system certifications
- Promote the certification practice in the NZIC
Deliverables/Outcomes:
- Systems are thoroughly assessed for compliance in accordance with standards, legislation and regulations.
- System owners furnish fulsome test methodologies, including the process for testing systems to ensure they are secure, and results attest to this outcome.
- System inspections and audits are completed via a paper-based review of certification artefacts and/or a hands-on interaction with the system functionality provided by a Subject Matter Expert.
- Recommendations to the Certification Authority are to the expected standard and meet requirements.
- Reviews and recommendations are made in a timely manner as agreed with management and stakeholders.
- All records on the management and status of system certifications are complete, correct and easily accessible.
- Is recognised as the subject matter expert in system certification.
- Ensures certification artefacts (templates) are up to date and accurately reflect standards (such as the PSR and ISM).
- Provides accurate and timely certification advice and guidance to ITSAs as they work collaboratively with system owners and project teams.
- Provides timely and relevant education on certification requirements, including delivery of training and educational materials.

Risk management
Deliverables/Outcomes:
- All activities take account of security, operational and organisational reputational risk, and these risks are managed to approved standards and escalated to management where appropriate.
- All activities are consistent with the NZSIS's legally mandated role and functions.
- Any residual risks in systems are identified and highlighted.

Health and safety (for self)
Key accountabilities:
- Work safely and take responsibility for keeping self and colleagues free from harm
- Report all incidents and hazards promptly
- Know what to do in the event of an emergency
- Cooperate in implementing return to work plans
- Be a visible role model at all times
- Follow NZSIS's safety rules and procedures
Deliverables/Outcomes:
- A safe and healthy workplace for all people using our sites as a place of work
- All requirements in the NZIC Health and Safety policy and procedures are met

Other duties
- Any other duties that fall within the scope of the position

Position delegation
Financial delegation: None

Key stakeholders
Internal:
- Directorate staff and contractors
- NZSIS system owners and their representatives/associates (system administrators, system engineers, testers etc.)
- NZIC Certification Authorities
- NZIC Chief Information Security Officers
- NZIC Chief Security Officers
- NZIC IT Security Managers
- NZIC COMSOs
External:
- GCSB system owners
- GCSB Accreditation team members
- Counterparts within the wider New Zealand Intelligence Community and central government agencies, including Police, NZDF, Customs, MFAT, MPI and MBIE
- Other partner intelligence agencies and law enforcement organisations
- Other relevant public or private sector organisations as required

Person Specification

Experience:
- At least five years' experience in large scale and complex IT systems design, implementation and maintenance.
- Experience in conducting IT security assessments, audits and applying security risk management practices.
- Experience in the intelligence sector.

Knowledge and Skills:
- Proven knowledge and application of:
  o AS/NZS ISO 31000:2009 Risk Management principles and guidelines.
  o ISO/IEC 27006:2011 Information Technology Security Techniques: Requirements for bodies providing audit and certification of information security management systems.
  o ISO/IEC 27007:2011 Information Technology Security Techniques: Guidelines for information security management systems auditing.
- Proven understanding of protective security principles and practices, including familiarity with the Protective Security Requirements and the New Zealand Information Security Manual.
- Holistic understanding of, and exposure to, certification and accreditation frameworks in an Intelligence Community context.
- A high level of accuracy and attention to detail.
- Professional customer focus with a strong commitment to providing a high standard of customer service.

Qualifications and Courses:
- Information Systems or Computer Science degree, or Information Assurance and Security (Level 7) Graduate Diploma.
- ISACA Certified Information Systems Auditor or Security Manager (CISA/CISM), or GIAC Security Essentials (GSEC), or equivalent experience.
- IT security qualification such as System Security Certified Practitioner (SSCP).
- Other industry recognised certification such as:
  o Information Technology Infrastructure Library (ITIL)
  o The Open Group Architecture Framework (TOGAF)

Specific Job Requirements:
- Demonstrated high levels of integrity and an ability to maintain a TSS security clearance.
- Well-developed interpersonal skills with the ability to engage with a diverse range of people at all levels of the organisation.
- Ability to work independently using sound judgement and initiative.
- Proven ability to work as a member of a successful team at all levels of the organisation.
- Strong analytical skills with the ability to work methodically and display an aptitude for problem solving.
- Excellent written and oral communication skills, with an ability to convey technical information in a manner that is understood by the audience.
- Self-motivated with excellent planning and organisational skills, and the ability to prioritise tasks to meet deadlines and effectively manage changing priorities.
- Proven coaching and mentoring skills and ability.

Changes to Position Description
Positions in the NZSIS may change over time as the organisation develops. Therefore we are committed to maintaining a flexible organisation structure that best enables us to meet changing market and customer needs. Responsibilities for this position may change over time as the job evolves. This Position Description may be reviewed as part of planning for the annual performance cycle.

Date PD reviewed: 16/01/2019

Signatures
Manager's Name:
Signature:
Date:

Employee's Name:
Signature:
Date: